News

• Researchers propose TLS extension to detect rogue SSL certificates

  By Lucian Constantin | 24 May, 2012 20:35

  A pair of security researchers have proposed an extension to the Transport Layer Security (TLS) protocol that would allow browsers to detect and block fraudulently-issued SSL certificates.

• PHP patches actively exploited CGI vulnerability

  By Lucian Constantin | 09 May, 2012 22:44

  The PHP Group has released PHP 5.4.3 and PHP 5.3.13 on Tuesday in order to address two remote code execution vulnerabilities, one of which is being actively exploited by hackers.

• PHP working on new patch for critical vulnerability after initial one failed

  By Lucian Constantin | 07 May, 2012 21:51

  The PHP Group plans to release new versions of the PHP processor on Tuesday in order to patch two publicly known critical remote code execution vulnerabilities, one of which was improperly addressed in a May 3 update.

• Most of the Internet's top 200,000 HTTPS websites are insecure, Trustworthy Internet Movement says

  By Lucian Constantin | 27 April, 2012 02:51

  Ninety percent of the Internet's top 200,000 HTTPS-enabled websites are vulnerable to known types of SSL (Secure Sockets Layer) attack, according to a report released Thursday by the Trustworthy Internet Movement (TIM), a nonprofit organization dedicated to solving Internet security, privacy and reliability problems.

• Most webmasters don't know how their websites got hacked, report says

  By Lucian Constantin | 23 March, 2012 04:14

  Most owners of compromised websites don't know how their sites got hacked into and only 6 percent detect the malicious activity on their own, according to a report released by StopBadware and Commtouch on Thursday.

• Flaw in web app frameworks pushes Microsoft to patch ASP.net promptly

  By Peter Sayer | 30 December, 2011 00:37

  Many web app frameworks are vulnerable to a denial-of-service attack targeting the way they handle hash tables, researchers revealed Wednesday, prompting Microsoft to announce an "out-of-band" patch for its ASP.NET platform just hours later.

• Unpatched Apache reverse proxy flaw allows access to internal network

  By Lucian Constantin | 26 November, 2011 00:43

  A yet-to-be-patched flaw discovered in the Apache HTTP server allows attackers to access protected resources on the internal network if some rewrite rules are not defined properly.

• HTML versioning eliminated

  By Joab Jackson | 21 January, 2011 08:54

  The working group for HTML has done away with version numbers for the Web page rendering standard.

• Oracle burnishes its Lustre

  By Joab Jackson | 14 December, 2010 06:50

  While a number of small companies have been ramping up support for a file system called Lustre that Oracle acquired in its Sun Microsystems purchase earlier this year, Oracle itself has no plans to abandon the technology, a company executive told the IDG News Service in an interview.

• Can Oracle pull off Sun portals merger without a hitch?

  By Chris Kanaracus | 07 July, 2010 05:38

  Oracle is preparing to launch a major migration of portals that serve customers and technologies gained through its acquisition of Sun Microsystems.

• HipHop steals Web serving from Apache at Facebook

  By Rodney Gedda | 24 February, 2010 07:10

  Despite using the venerable LAMP (Linux Apache MySQL PHP) stack to build one of the busiest sites on the Internet, Facebook is moving its main Web serving infrastructure from Apache to HipHop for PHP, which has its own embedded Web server.

• Apache mulls end of 1.3, 2.0 releases

  By Rodney Gedda | 12 January, 2010 15:22

  The Apache Software Foundation (ASF) may stop releasing new versions of the older 1.3 and 2.0 series of its flagship Web server product with most development now focused on the 2.2 series.

• Facebook releases real-time Web server tech as open source

  By Juan Carlos Perez | 11 September, 2009 05:04

  Facebook is releasing as open source a Web server technology because it wants to make it easier for developers to create applications that let users post status updates in real time, a functionality popularized by Twitter.